Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2017
Get Serious about IoT Security
Commentary  |  9/20/2017  | 
These four best practices will help safeguard your organization in the Internet of Things.
10 Hot Cybersecurity Funding Rounds in Q3
Slideshows  |  9/20/2017  | 
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
Avast-Owned Piriform Releases CCleaner Security Update
Quick Hits  |  9/19/2017  | 
The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.
New Spam Campaign Literally Doubles Down on Ransomware
News  |  9/19/2017  | 
An upgraded spam campaign alternates Locky and FakeGlobe ransomware, forcing victims to pay twice or lose all their data.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Viacom's Secret Cloud Keys Exposed
Quick Hits  |  9/19/2017  | 
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Siemens' New ICS/SCADA Security Service a Sign of the Times
News  |  9/19/2017  | 
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Equifax Exec Departures Raise Questions About Responsibility for Breach
News  |  9/18/2017  | 
Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.
Avast CCleaner Compromised Amid Rise in Supply Chain Threats
News  |  9/18/2017  | 
Attackers somehow hacked the build system of Avast's CCleaner to deliver malware, potentially affecting millions of users.
Equifax Hit with Lawsuit
Quick Hits  |  9/18/2017  | 
Victims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Public, Hybrid Cloud Security Fears Abound
News  |  9/16/2017  | 
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
OurMine Claims Vevo Hack, Releases 3.12TB of Data
Quick Hits  |  9/16/2017  | 
Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.
Equifax CIO, CSO Step Down
Quick Hits  |  9/15/2017  | 
Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.
Senators Propose US Elections Cybersecurity Commission
Quick Hits  |  9/15/2017  | 
The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.
Google, Spotify Build Open-Source Community for GCP Security
Quick Hits  |  9/15/2017  | 
Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
Security Orchestration & Automation: Parsing the Options
Commentary  |  9/15/2017  | 
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
Attacks on Android Soared 40% in Q2
News  |  9/15/2017  | 
Despite a rise in attacks, the average number of malicious variants remains surprisingly limited, according to a report from Avast.
7 Indicted Iranian Nationals Now Hit with Sanctions by US Treasury
Quick Hits  |  9/15/2017  | 
US Dept. of Treasury has announced sanctions against Iranian nationals and security firms for 'malicious cyber-activity' against US interests.
Attacking Developers Using 'Shadow Containers'
Dark Reading Videos  |  9/15/2017  | 
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
FTC Opens Probe into Equifax Data Breach
News  |  9/14/2017  | 
Apache Struts flaw was known to be critical and should have been addressed, security researchers say.
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
News  |  9/14/2017  | 
Early Access program under way for new Azure cloud security feature.
A New Model for 'Mathematically Provable Security'
Dark Reading Videos  |  9/14/2017  | 
Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Microsoft Office Zero-Day Spread Surveillance Software
Quick Hits  |  9/14/2017  | 
FireEye discovered CVE-2017-8759 flaw patched by Microsoft this week.
'ExpensiveWall' Attacks More Than 1 Million Android Users
Quick Hits  |  9/14/2017  | 
New Android malware variant registers users for paid services without their permission and sends bogus premium SMS messages.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
The Hunt for IoT: The Rise of Thingbots
Partner Perspectives  |  9/14/2017  | 
Across all of our research, every indication is that today's "thingbots" (botnets built exclusively from Internet of Things devices) will become the infrastructure for a future Darknet.
'Bashware' Undermines Windows 10 Security Via Linux Subsystem
News  |  9/13/2017  | 
New WSL feature in Windows 10 gives attackers a way to run malware without being detected by any current endpoint security tools, Check Point says.
Trump Orders Removal of Kaspersky Products from Federal Systems
Quick Hits  |  9/13/2017  | 
The president cites concern that the Russia-based company could be influenced by the Kremlin.
Experts Weigh Pros, Cons of FaceID Authentication in iPhone X
News  |  9/13/2017  | 
Security pros discuss Apple's decision to swap fingerprint scanning for facial recognition technology in the latest iPhone.
Businesses Fail to Properly Secure, Assess SSH: ISACA
Quick Hits  |  9/13/2017  | 
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
10 Ways to Prevent Your Mobile Devices From Becoming Bots
Slideshows  |  9/13/2017  | 
Enterprises may not notice a huge impact on their network's bandwidth, but other repercussions may loom in the background.
China to Create Data Repository to Log Cyberattacks
Quick Hits  |  9/13/2017  | 
Telcos, government agencies, Internet companies, and domain-name organizations to file cybersecurity information.
20 Questions to Help Achieve Security Program Goals
Commentary  |  9/13/2017  | 
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News  |  9/13/2017  | 
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
Detection, Prevention & the Single-Vendor Syndrome
Partner Perspectives  |  9/13/2017  | 
Why security teams need to integrate 'Defense in Depth' principles into traditional solutions designed with integration and continuity in mind.
Billions Of Bluetooth Devices Vulnerable To Code Execution, MITM Attacks
News  |  9/12/2017  | 
IoT security vendor Armis this week disclosed a total of 8 zero-day bugs in Bluetooth implementations in Android, Windows, Linux, and iOS.
Shopify Risk Director Talks Ecommerce, Bug Bounty Program
News  |  9/12/2017  | 
Andrew Dunbar shares his experience growing a retail-focused security team, and combating the many threats facing online merchants and their customers.
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017  | 
Security leaders can learn some valuable lessons from a real-life military model.
Why North Korean Actors May Be Targeting Cryptocurrencies
Quick Hits  |  9/12/2017  | 
FireEye links North Korean cyberthieves to a recent spate of spearphishing attacks against South Korea.
IBM Launches New Tools for Container Security
Quick Hits  |  9/12/2017  | 
IBM's LinuxONE Emperor II addresses container security as researchers pay closer attention to containers' security shortcomings.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Tesla Hacks: The Good, The Bad, & The Ugly
Dark Reading Videos  |  9/12/2017  | 
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Equifax Gets Slammed, Removes Forced Arbitration Clause from Credit Monitoring Offer
News  |  9/11/2017  | 
Company's initial requirement that breach victims sign away their legal rights to get complimentary offer was one of several mistakes.
Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine
Quick Hits  |  9/11/2017  | 
Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.
Ransomware, BEC, ICS Top Midyear Security Concerns
News  |  9/11/2017  | 
Business email compromise, ransomware, and industrial control attacks were among top security concerns in the first half of 2017.
Credit Card Hacker Roman Seleznev Enters More Guilty Pleas
News  |  9/11/2017  | 
The Russian hacker already hit with a 27-year prison sentence for credit card hacking pleads guilty to two more charges.